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WHAT IS CLAIMED IS : 

1 . A method of authenticating a resource reservation message sent between a source 
node and a destination node in a network, comprising: 

constructing an outgoing resource reservation message, the message comprising a 
plurality of objects ; 

selecting multiple objects of the message; 

constructing a list identifying each of the selected multiple objects; 
calculating a message integrity value using the selected multiple objects of the 
message; 

inserting the calculated integrity value and the constructed list in the message; 
sending the message, from the source node, across a network to the destination 
node; and 

authenticating the multiple objects of the message at the destination node using 
the message integrity value and the constructed list. 

2. The method of claim 1, further comprising: 

inserting an identifier, that serves to identify either the source node or the 
destination node, in the message. 

3. The method of claim 2, wherein calculating the message integrity value further 
uses the identifier. 



16 



Docket No.: 0023-0125 

4. The method of claim 2, wherein the identifier comprises a network address 
associated with at least one of the source node or the destination node. 

5. The method of claim 4, wherein calculating the message integrity value further 
uses the network address. 

6. The method of claim 1, wherein the list comprises an ordered list, and wherein 
calculating the message integrity value comprises using the selected multiple objects in 
an order specified by the ordered list. 

7. The method of claim 1, wherein each of the plurality of objects comprises a field 
of the message. 

8. The method of claim 1, wherein the message comprises at least one of a packet, a 
cell, a datagram, a fragment of a packet, a fragment of a datagram, and a fragment of a 
cell. 

9. The method of claim 1, wherein the message comprises a Resource Reservation 
Protocol (RS VP) path message. 

10. The method of claim 1, wherein the message comprises a Resource Reservation 
Protocol (RSVP) reservation request message. 
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1 1 . The method of claim 1 , wherein calculating the message integrity value comprises 
using a cryptographic algorithm. 

12. The method of claim 11, wherein the cryptographic algorithm comprises at least 
one of an MD5 message digest algorithm, a secure hash algorithm (SHS), a RJPEMD- 
160 algorithm, a message authentication code (MAC) algorithm, a Cyclical Redundancy 
Checking (CRC) algorithm, a private key encryption algorithm, and a public encryption 

5 key algorithm. 

1 3 . The method of claim 1 , further comprising: 

extracting, at the destination node, the list identifying each of the selected 
multiple objects from the message. 

14. The method of claim 13, wherein authenticating the multiple objects of the 
message at the destination node using the message integrity value comprises: 

authenticating the multiple objects of the message specified by the extracted list . 

15. The method of claim 1 , wherein the message is used by routers in the network for 
establishing a desired level of quality of service for transmissions between the source 
node and the destination node. 

16. A system for performing resource reservation authentication in a network, 
comprising: 
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a source node configured to: 

construct an outgoing resource reservation message, the message 
comprising a plurality of objects, 

select multiple objects of the message, 

construct a list identifying each of the selected multiple objects, 

calculate a message integrity value using the selected multiple objects and 
the constructed list, 

insert the calculated message integrity value and the constructed list in the 
message, and 

send the message across the network; and 
a destination node configured to: 

receive the message, and 

authenticate the message using the message integrity value and the 
constructed list. \ 

A network device, comprising: 

a memory configured to store instructions; and 

a processor configured to execute the instructions in the memory to: 

construct an outgoing resource reservation message, the message 
comprising a plurality of objects , 

select multiple objects of the message, 

construct a list identifying each of the selected multiple objects, 
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calculate a message integrity value using the selected multiple objects of 
the message, 

insert the message integrity value and the constructed list into the 
message, and 

forward the message across a network to a destination node for 
authentication at the destination node using the inserted message integrity value 
and the constructed list. 

1 8. The device of claim 17, wherein the list comprises an ordered list, and wherein 
calculating the message integrity value comprises using the selected multiple objects in 
an order specified by the ordered list. 

1 9. The device of claim 1 7, wherein each of the plurality of objects comprises a field 
of the message. 

20. The device of claim 1 7, wherein the message comprises at least one of a packet, a 
cell, a datagram, a fragment of a packet, a fragment of a datagram, and a fragment of a 
cell. 

2 1 . The device of claim 1 7, wherein the message comprises a Resource Reservation 
Protocol (RSVP) path message. 
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22. The device of claim 1 7, wherein the message comprises a Resource Reservation 
Protocol (RSVP) reservation request message. 

23. The device of claim 1 7, wherein the message integrity value is calculated using a 
cryptographic algorithm. 

24. The device of claim 23, wherein the cryptographic algorithm comprises at least 
one of a MD5 message digest algorithm, a secure hash algorithm (SHS), a RIPEMD-160 
algorithm, a message authentication code (MAC) algorithm, a Cyclical Redundancy 
Checking (CRC) algorithm, a private key encryption algorithm, and a public encryption 
key algorithm. 

25. The device of claim 1 7, wherein the message is used by routers in the network for 
establishing a desired level of quality of service for transmissions between the network 
device and the destination node. 

26. A method of performing resource reservation authentication between a source 
node and a destination node in a network, comprising: 

constructing an outgoing resource reservation message; 

determining, at the source node, an authentication value using at least a portion of 
the message; 

inserting the authentication value in the message; 
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forwarding the message from the source node to the destination node across the 
network; and 

authenticating the message at the destination node using the authentication value. 

27. The method of claim 26, wherein the outgoing resource reservation message 
comprises at least one of a packet, a cell, a datagram, a fragment of a packet, a fragment 
of a datagram, and a fragment of a cell. 

28. The method of claim 26, wherein the message comprises a Resource Reservation 
Protocol (RSVP) path message. 

29. The method of claim 26, wherein the message comprises a Resource Reservation 
Protocol (RSVP) reservation request message. 

30. The method of claim 26, wherein the authentication value is determined using a 
cryptographic algorithm. 

3 1 . The method of claim 30, wherein the cryptographic algorithm comprises at least 
one of a MD5 message digest algorithm, a secure hash algorithm (SHS), a RIPEMD-160 
algorithm, a message authentication code (MAC) algorithm, a Cyclical Redundancy 
Checking (CRC) algorithm, a private key encryption algorithm, and a public encryption 

5 key algorithm. 
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32. The method of claim 26, wherein the resource reservation message is used by 
network devices in the network for establishing a desired level of quality of service for 
transmissions between the source node and the destination node. 

33. A network device, comprising: 

a memory configured to store instructions; and 

a processor configured to execute the instructions in the memory to: 
construct an outgoing resource reservation message, 
determine an authentication value using at least a portion of the outgoing 

message and a cryptographic algorithm, 

identify a destination node for the message, 

insert the authentication value in the message, and 

send the message across a network to the destination node for 

authentication at the destination node using the authentication value. 

34. The device of claim 33, wherein the message comprises a Resource Reservation 
Protocol (RS VP) path message. 

35. The device of claim 33, wherein the message comprises a Resource Reservation 
Protocol (RSVP) reservation request message. 

36. The device of claim 33, wherein the cryptographic algorithm comprises at least 
one of a MD5 message digest algorithm, a secure hash algorithm (SHS), a RIPEMD-160 
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algorithm, a message authentication code (MAC) algorithm, a Cyclical Redundancy 
Checking (CRC) algorithm, a private key encryption algorithm, and a public encryption 
key algorithm. 

37. The device of claim 33, wherein the message is used by routers in the packet- 
switched network for establishing a desired level of quality of service for transmissions 
between the network device and the destination node. 

38. A system for performing resource reservation authentication between a source 
node and a destination node in a network, the system comprising: 

means for constructing a resource reservation message; 

means for generating, at the source node, an authentication value using at least a 
portion of the message; 

means for inserting the authentication value in the message; 

means for transmitting the message from the source node to the destination node 
across the network; and 

means for authenticating the message at the destination node using the 
authentication value. 
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